log-analyzer
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill consists entirely of markdown-based instructions and examples. It does not include any Python scripts, JavaScript files, or other executable code that would run on the agent's host system.\n- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because its primary function is to interpret and summarize data from external, untrusted log files.\n
- Ingestion points: Logs provided by users or read from the filesystem are processed by the agent (SKILL.md).\n
- Boundary markers: The instructions do not specify any delimiters or safety markers to help the agent distinguish between log data and potential instructions embedded within that data.\n
- Capability inventory: The skill directs the agent to analyze error traces, summarize root causes, and use system utilities like grep to search through content (SKILL.md).\n
- Sanitization: No sanitization or validation steps are included to verify that log entries do not contain malicious instructions before they are processed by the LLM.
Audit Metadata